---
name: trivy-fs
on:
  push:
    branches:
    - main
  pull_request:
    branches:
    - main
  schedule:
  - cron: "50 22 * * *"
concurrency:
  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.event.pull_request.number || github.run_id }}
  cancel-in-progress: true
permissions:
  contents: read
jobs:
  code-scan:
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write
    steps:
    - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3  # v3.5.0
    - uses: aquasecurity/trivy-action@1f0aa582c8c8f5f7639610d6d38baddfea4fdcee  # v0.9.2
      with:
        scan-type: 'fs'
        ignore-unfixed: true
        format: 'sarif'
        output: 'trivy-results.sarif'
    - run: |
        jq '.runs[].tool.driver.name = "trivy-fs"' < trivy-results.sarif > tmp
        mv tmp trivy-results.sarif
    - uses: github/codeql-action/upload-sarif@04df1262e6247151b5ac09cd2c303ac36ad3f62b  # v2.2.9
      with:
        sarif_file: 'trivy-results.sarif'
        category: trivy-fs
